[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs

To: Matthieu Cerda <matthieu.cerda@nbs-system.com>, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 06 Jan 2017 08:59:43 -0800
Content-disposition: inline
In-reply-to: <WM!24b5d4611ae77219d4e6c77c7b46162ec4088ba87db8210b7c466e35da7ea9bb2d51ceb6f830fc0d4d4e6ac232610906!@mailstronghold-1.zmailcloud.com>
References: <5e90d04befa90e72a414a447ab2995db@ironflake.org> <WM!a627752d55829ff9e4035bf19272d3bad5fdf8397e9dafdbe6c18995baabf9de8d608c8b7e4a902ec66d357d475a3668!@mailstronghold-1.zmailcloud.com> <e198790c-7e28-354b-c67e-41d8e12aa779@symas.com> <f398468253cd8f45c28da3675ae142bb@ironflake.org> <WM!04af1d4a7155fa6422bc55f78d22b62e3c6f9aa417b5cd4b9278ad7c6bfef6e8454270f36f475867309eb7aa4478c281!@mailstronghold-3.zmailcloud.com> <4E97C145472415D13FD2BDFF@[192.168.1.30]> <94c4d9a0-641f-dcab-4dd8-f5c27d7f730b@nbs-system.com> <WM!35b560fcd1d8be4346c04bf48238f0fce0ad9d974761b08b552280679698a5f7db8980881a4946de48349f459dcf8eba!@mailstronghold-3.zmailcloud.com> <F365AC223D2A1E22A5345243@[192.168.1.30]> <586B5B3C020000A100023D54@gwsmtp1.uni-regensburg.de> <b003ca43-3cac-4e42-4201-ada312462e1b@nbs-system.com> <WM!24b5d4611ae77219d4e6c77c7b46162ec4088ba87db8210b7c466e35da7ea9bb2d51ceb6f830fc0d4d4e6ac232610906!@mailstronghold-1.zmailcloud.com>

--On Tuesday, January 03, 2017 2:49 PM +0100 Matthieu Cerda<matthieu.cerda@nbs-system.com> wrote:



Le 03/01/2017 à 08:05, Ulrich Windl a écrit :

Quanah Gibson-Mount <quanah@symas.com> schrieb am 03.01.2017 um 00:11
in

Nachricht <F365AC223D2A1E22A5345243@[192.168.1.30]>:

(...)

Note the bit about "all the operations, ..."

If you think of a way to reword it that you feel is a better
explanation,  that could certainly be considered. :)


I think a notice who is the modifier on ppolicy changes would be woth
it; specifically if it's related to RootDN ;-) I think I had already
asked earlier about some notice on ACLs that ppolicy may or may not need
to work.


Well I certainly didn't understand the message as 'every operation will
be done assuming the rootdn identity' indeed.

I agree with Ulrich, maybe a small note in the manpage saying exactly
that might help, just in case ?

Here is a proposal patch on slapo-ppolicy.5 manpage to clarify that.


Submissions need to be via the ITS system, http://www.openldap.org/its/

Thanks,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: Matthieu Cerda <matthieu.cerda@nbs-system.com>
- Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: ppolicy overlay unable to set pwdAccountLockedTime on to-be-locked users due to ACLs
  - From: Matthieu Cerda <matthieu.cerda@nbs-system.com>

Prev by Date: Re: (host) and (uid) not indexed (after creating an account)
Next by Date: Re: Syncrepl and multipe values
Index(es):
- Chronological
- Thread